CTPAT Continued - Requirement 3
We take assessments throughout our lives. Whether for school, or to be able to drive a car, or even as part of the job application process. These assessments are used to test our readiness and capabilities as well as providing helpful feedback on where we need to improve. Your corporate network is no different and CTPAT minimum security requirement 3 requires it.
CTPAT Members using network systems must regularly test the security of their IT infrastructure. If vulnerabilities are found, corrective actions must be implemented as soon as feasible.
Vulnerability assessments have been part of security compliance for a long time. Anyone who has had to work through PCI or HIPAA will have experience with the process. Many companies assess their networks annually and some multiple times a year. AEGIS Innovators recommends that vulnerability assessments and penetration tests be managed by a trusted third party who will not let bias affect their approach.
These assessments provide valuable information but are only as useful as your ability to prioritize and remediate the vulnerabilities that carry the greatest risk to your organization. Also there are strategies that can be implemented to ensure that systems are patched and that your organization takes a proactive approach to vulnerability management.
If you are unsure where to find a partner for vulnerability assessments please reach out and book a meeting with one of our consultants will be able to assist.